Backdoor in CCleaner!
I was just emphasizing the need for OPEN SOURCE software everywhere and then this piece came out, Wow.
It looks like CCleaner, one of the most popular pieces of "cleaning" software out there for Windows and I believe Mac too, was just backdoored in its recent release. CCleaner is software that cleans broken files, fixes registry stuff and defragments files on Windows … just got a nice piece of malware in it. The "supply chain" of CCleaner, Piriform, was somehow compromised, and their keys were used to sign the malwared version. CCleaner and Piriform are owned by Avast.
Well it looks like 2,000,000,000 computers are potentially compromised. The malware can remote control the computers of the victims !!!
Read More here:
- https://www.reddit.com/r/privacy/comments/70umbm/hackers_hid_backdoor_in_ccleaner_security_app/
- https://arstechnica.com/information-technology/2017/09/backdoor-malware-planted-in-legitimate-software-updates-to-ccleaner
- https://motherboard.vice.com/en_us/article/a3kgpa/ccleaner-backdoor-malware-hack
Rant
Now let that sink in for a moment people. People who use closed source software knowing that there are much better alternatives out there in the open source community are really fools.
Yes and that includes you too, if you fit in that category. I can't understand why people are deliberately using closed source software when they should know that there are really better alternatives out there that are open, transparent and above all secure against such pathetic hack attacks.
I mean literally, you guys are naive fools, you will probably get hacked of your last ounce of privacy, and all your money will be stolen either via cryptocurrency theft or your bank account might get hacked. You will lose everything, if you don't wake up in time to this issue, because it's a serious damn issue.
The days of trendy crap is over. Now you are either secure, or you have a big bullseye on your back, just screaming and begging to be hacked.
All this nonsense software that people install on their machines just exponentially increases your vulnerability. And then remember we are going into a cashless society, either Bitcoin or other cryptocurrencies or might even be online banking, perhaps mobile banking (where mobile security is at least 100x worse than PC anyway).
And I might have insulted my audience, I don't care. People are really morons if they behave like this. And I really would like them to change, it's not hard, but you have to get out of this conformist nonsense mentality.
If you are a conformist and you believe that everyone out there is just trying to help you, then you are a foolish sheep. They don't. Some good people do, but most people either don't care, or are actively trying to hurt you.
Letting your guard down for the sake of convenience is not an intelligent option. You will get scammed or hacked that way, almost every time.
But surfing against the waves, being a little bit paranoid, not too much, just healthy skepticism, and being prepared in the case of catastrophes is the good way to behave. It's not trendy, but it does help people in the end, when big problems arise.
Now you have cyberattack after cyberattack. Computers are all paralyzed, you probably have almost all computers hackable by now given how much crap people install on them. Plus the basic browsing security that people almost always ignore is just ridiculous.
It's almost like people are begging to get hacked, because this is really a crazy behavior, it makes no sense to behave like this.
You know you have a nose and a tongue for a reason. When you put the food in your mouth, you first smell it, then you taste it. And you only eat it if it tastes good. That is how you distinguish edible food from poison.
When it comes to software, the open source nature of the software, together with cryptographic signing (GPG) and hash checksums (SHA256), are your digital noses and tongues. You use these to make sure that the software is genuine, trustworthy and that it does what its source claims to do. Perhaps deterministic builds from the source code are another layer of security.
Now that is reasonable security, I am sure there are other ways to harden it, but just following these basic steps you can probably avoid 99% of the dangers out there. But completely ignoring the dangers, is just stupid.
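An added example, not part of the original post: checking a download's SHA-256 against more than one checksum list, so that a list published next to a tampered build is contradicted by the hash of an independent deterministic rebuild. The file name, the two manifest sources and the sample bytes are constructed assumptions.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash the file in blocks so large installers are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_sha256sums(text):
    """Parse sha256sum-style lines: '<64 hex>  name' or '<64 hex> *name'."""
    sums = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1]
        if name.startswith("*"):  # binary-mode marker
            name = name[1:]
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            sums[name] = digest
    return sums

def verify(path, manifests):
    """Return (ok, reason); every manifest must list the file with the same digest."""
    name = os.path.basename(path)
    actual = sha256_file(path)
    for source, text in manifests.items():
        expected = parse_sha256sums(text).get(name)
        if expected is None:
            return False, f"{source}: no entry for {name}"
        if not hmac.compare_digest(expected, actual):
            return False, f"{source}: digest mismatch"
    return True, "all sources agree"

def demo():
    # Constructed sample bytes standing in for a clean build and a tampered one.
    clean, tampered = b"installer built from source", b"installer plus implant"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setup.exe")
        with open(path, "wb") as f:
            f.write(tampered)
        vendor = hashlib.sha256(tampered).hexdigest() + "  setup.exe\n"  # vendor's list
        rebuild = hashlib.sha256(clean).hexdigest() + " *setup.exe\n"    # independent rebuild
        return (verify(path, {"vendor": vendor}),
                verify(path, {"vendor": vendor, "rebuild": rebuild}))
```

`demo()` returns the vendor-only result first, then the result when the independent rebuild hash is also required.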
Sources:
https://pixabay.com

CCLeaner is a wonderfully automated way to do damage to your system. Now it has the added function of handing control over to someone else so they can extend the impact to your life.
Thanks for sharing for the benefit of others, resteeming for same.
Hahaha that is true. Actually there is an open source alternative Bleachbit.
But I have never used any "cleaner" tool since I abandoned Windows, and everything works fine.
If the PC is slow that is caused by malware downloads or maybe your OS needs an update. But you definitely don't need any cleaner tool on Linux.
...or defrag, thanks Mr Journal™ :D
The defragmentation issue arises because of a shitty filesystem like NTFS. Linux uses Ext file system that does that automatically and organizes files more efficiently on the harddisk:
The only thing that I would use these cleaners for is to clean temporary files and cookies from the browser. But this can be done manually perhaps with some script, the temp files can be set to be emptied like weekly, and the cookies can be blocked or set to expire after 1 week let's say.
That was my point, managing Linux is a lot easier and quicker than Windows (servers or otherwise) by a long shot. ext is great, Btrfs is pretty nice too.
It's easy enough to crontab a cleanup script for specified directories, or watch with `du <dir>` & conditionally `sendmail` if manual intervention is preferred.
For Windows, users can:
- `cleanmgr /sageset:1`
- `cleanmgr /sagerun:1`
- `cleanmgr /sagerun:1`, specify name & icon, to make a cleanup shortcut

`set` sets the actions, `run` runs the clean with those settings, settings stored as user level execution but can use `set` a second time with right-click "run as admin" and then `run` as admin too. Can create multiple sets of predefined actions using different integers, ie: sageset:1, sageset:2, sageset:3...
Exactly, just clean the temp files, I believe there is a temp directory somewhere in the system files.
And then clean the /var folder.
As for cookies and browser stuff, just use a custom configuration that already takes care of that:
There is nothing else left to be done, this is basically everything, unless you want to clear other stuff like bash history and other app cache, so then install Bleachbit.
But cleaning the temporary folders can be done with just a 2 line Python script, which can even be set to load every week with coding into it the dates it can execute itself, like say Sundays:
It is very very easy to use Linux, and I am still considering myself a novice user. It's just so easy that anyone can do it.
++
Sometimes blunt honesty is the only honesty; appreciate the words you speak good sir. A little harsh but it wakes people up! One of the first moves I ever made out of college was disable online and ATM access to my savings account. And I refuse to use a debit card, ATM card only. This effectively made my savings account a cold site. That's probably the one smart decision I've ever made in the IT realm :).
It is smart against outside threats, however the biggest threat in banking is inside implosion, sort of the bail-in stuff and civil asset forfeiture for just the suspicion of a crime, not conviction, which is arbitrary:
My defense against banking attacks is much more sophisticated: I just don't keep a lot of money in the bank, it's just that.